Cyberattack on the Infrastructure Alarms Petraeus, Coats

War always goes for the infrastructure: take out the bridges, cut off the electricity and water supplies. All that used to be done with artillery, tanks and bombs.

Going forward, it will be done by computers: Cyberwar.

Every day the early skirmishes — the tryout phase, if you will — are taking place. There are tens of thousands of probes of U.S. infrastructure by potential enemies, known and unknown, state and non-state. A few get through the defenses.

Jeremy Samide, chief executive officer of Stealthcare, a company that seeks to improve cyberdefenses for a diverse set of U.S. companies, sees the cyber battlefield starkly. He says the threat is very real; and he puts the threat of serious attack at 83 percent.

As Samide looks out across the United States from his base in Cleveland, he sees probes, the term of art for incoming cyberattacks, like an endless rain of arrows. Some, he says, will get through and the infrastructure is always at risk.

Director of National Intelligence Dan Coats issued a warning in July that the alarms for our digital infrastructure are “blinking.” He compared the situation to that in the country before the 9/11 terrorist attacks. The situation, he told the Hudson Institute in a speech, is “critical.” Coats singled out Russia as the most active of the probers of U.S. infrastructure.

Samide says probing can come from anywhere and Russia may be the most active of the cyber adventurers.

A common scenario, he says, is that the electric grid is target one. But considerable devastation could come from attacking banking, communications, transportation or water supply.

Retired Army Gen. David Petraeus, a former director of the CIA and current chairman of KKR Global Institute, in an article co-authored with Kiran Sridhar and published in Politico on Sept. 5, urges the creation of a new government agency devoted to cybersecurity.

Samide and others endorse this and worry that the government has much vital material spread across many agencies and not coordinated. Behind Petraeus’s thinking is one of the lessons of 9/11: Government departments aren’t good at sharing information.

Conventional wisdom has it that the electric grid is super-vulnerable. But Politico’s cybersecurity reporter David Perera, who consulted experts on the feasibility of taking down the grid, somewhat demurs. In a Politico article, he concluded that the kind of national blackout often theorized isn’t possible because of the complexity of the engineering in the grid and its diversity.

The difficulty, according to Perera, is for the intruder to drill down into the computer-managed engineering systems of the grid and attack the programmable controllers, also known as industrial control systems — the devices that run things, like moving load, closing down a power plant or shutting off the fuel supply. They are automation’s brain.

Perera’s article has been read by some as getting the utilities off the hook. But it doesn’t do that: Perera’s piece is not only well-researched and argued but also warns against complacency and ignoring the threat.

John Savage, emeritus professor of computer science at Brown University, says, “I perceive that the risk to all business is not changing very much. But to utilities, it is rising because it appears to be a new front in (Russian President Vladimir) Putin’s campaign to threaten Western interests. While I doubt that he would seek a direct conflict with us, he certainly is interested in making us uncomfortable. If he miscalculates, the consequences could be very serious.”

Samide warns against believing that all probes are equal in intent and purpose. He says there are various levels of probing from surveillance (checking on your operation) to reconnaissance (modeling your operation before a possible attack). Actual attacks, ranging from the political to the purely criminal, include ransomware attacks or the increasing cryptojacking in which a hacker hijacks a target’s processing power in order to mine cryptocurrency on the hacker’s behalf.

The threats are global and increasingly the attribution — the source of the attack — concealed. Other tactics, according to Samide, include misdirection: a classic espionage technique for diverting attention from the real aim of the attack.

The existential question is if cyberwar goes from low-grade to high-intensity, can we cope? And how effective are our countermeasures?